20 Items That Must Be On Your Cybersecurity Checklist
Cybersecurity is a top priority for businesses of all shapes and sizes, and it is vital you get it right. There is no way to be 100% protected from IT security threats, but there are various best practices you can implement. Following these items on your cybersecurity checklist can significantly reduce your risk of becoming a hacker’s next target.
1. Implement A Strong Password Policy
Within your businesses IT policies, you should make a complex password mandatory for all users. Passwords should ideally be eight characters or more, a mix of lower case and upper case letters, numbers and special characters. Not only that, but you should change all passwords every three months.
2. Update Operating Systems
No matter which operating systems your employees are using, they must be kept up to date to ensure security. Make sure to set all systems to automatically update. Furthermore, encourage everyone to shut down and reboot every night to trigger regular updates.
3. Set Automatic Screen Locks
Any computer, laptop or mobile device that are not in active use should automatically lock its screen. This can be configured in settings and, as such, is vital for keeping data and information that could be on screen safe.
4. Track All Equipment
Every piece of IT equipment that belongs to your company could potentially have data residing on it. This includes computers, laptops, mobiles, thumb drives and even cloud locations. Make sure you limit access of these systems to staff members that really need them. What’s more, keep track of where they are at all times.
5. Update Antivirus
It is wise to set all antivirus software so that it updates automatically when a new update is released. It can be worthwhile configuring reports that can check the status of antivirus updates on all computers in the business.
6. Dispose Of Data Properly
As a business, you are legally responsible for the data you hold on your customers and employees. Any physical documents with data on should be securely shredded and IT equipment should be reformatted and cleared.
7. Minimise Administrator Rights
When you allow a computer to operate in administrator mode, it can open that system up to security threats. This could lead to a compromise on your entire network. Ensure administrator mode is disabled on all but essential devices, and never do regular work on a system in administrator mode.
8. Secure Your Devices
All IT devices should be both physically and digitally secured to avoid cybersecurity threats. Servers, computers, mobile devices, and data drives should all be safely locked and secured when not in use.
9. Send Securely
If you and your employees need to send data digitally to one another or to clients or suppliers, then you should standardise tools for secure sending. This could be a dedicated portal for team members to use or an encrypted email solution.
10. Encrypt Your Back-Ups
Having back-ups of your systems and data is essential in case something does go wrong. However, these back-ups must be properly encrypted to ensure they are secure. It is a good practice to regularly review back-ups to check they are complete and you can restore them if necessary.
11. Review IT Policies
The world of IT is everchanging, and your IT policies need to reflect that. Be sure to regularly review and update your policies where necessary, and remind employees when you make changes so they can review them. Your IT policy should include details on remote access, encryption and privacy.
12. Protect Mobile Equipment
Any IT equipment that is often carried around and used in various locations, such as laptops, tablets and mobiles, should have adequate protection. These items are most at risk of theft. Consequently, it would be best to encrypt and secure devices with mandatory passwords. Make sure you have a process in place for employees to report lost or stolen devices so that they can be erased immediately.
13. Use Secure Connections
All members of your team should be able to and know how to, connect to resources in a secure way. This could be through a Virtual Private Network (VPN) or other secure connection. Remind all staff that they should not use public WiFi networks for any confidential work.
14. Screen Contractors And Employees
Before giving anyone access to any of your data and resources, you should make sure they have robust screening and background checking. This includes any contractors you are working with or potential employees. It can be very easy for a hacker to copy thousands of files in seconds once they have been granted access.
15. Promote Email Awareness
Everyone in your company should be well aware of the dangers of email. Train your staff to recognise the signs of a suspicious email, such as the sender’s email address and strange-looking attachments. Be sure that your team know to flag up suspicious emails to your IT team and not to click on any links or attachments that they aren’t sure about.
16. Have Adequate Insurance
As well as doing everything you can to prevent a cybersecurity breach, it is also worth having insurance in place should the worst happen. No cybersecurity plan is 100% effective, and there is always a risk that you could fall foul to hackers.
17. Create A Breach Response Plan
You should make sure that you have a response plan in place to deal with a data breach should it happen. This means you and your employees know exactly how to handle the situation, and it should include things like informing customers and notifying any external IT support.
18. Greet All Visitors
A very simple way to boost your cybersecurity is to remind all team members to greet anyone they don’t recognise in the office. Not only can this improve your customer service levels, but it helps you to recognise if any visitors appear suspicious.
19. Hire Experts
Having experts on your team means that you can implement your cybersecurity plans properly. Make sure your IT teams are knowledgeable and up to date with the latest best practices.
20. Educate Your Employees
Cybersecurity education among your team is often the most crucial part of your plans. If your team don’t know how to deal with a security breach or prevent one, then you can leave yourself open to risks. Invest in training for your staff to ensure they are all informed about cybersecurity and how to deal with it.
Here at TSG Training, we offer our BCS Certificate In Information Security Management Principles course and our ISTQB Advanced Security Tester course to help team members stay educated on cybersecurity. We also offer a range of free webinars that cover various cybersecurity subjects.